1. List three risks in establishing a risk management initiative. Assess the probability and consequence of each risk.
Establishing a risk management initiative is in essence a business venture. With a business venture there are several risks involved. The first one is the venture itself. Venture is defined as the first step in a process, so you must be the one to actively go out and find an organization to start the risk analysis. The next part is how to integrate your risk management initiative model into the project you get assigned to. You become the middle man in this situation by understanding the customer’s needs and then adapting them to the organizations goals. The last part is allocating and managing the resources of the project. This includes coordination training for project participants to encourage their involvement in the risk management activities.
2. Compare and contrast contractual and organizational requirements for risk management.
In order to establish a risk management initiative, you should review where your project’s risk management requirements come from because these requirements are the drivers for establishing this initiative. Project requirements are a combination of contractual, organizational, and derived requirements. Contractual requirements for risk management are often contained in a statement of work (SOW), which typically specifies planning risk management activities and implementing risk management on a project. Organizational standards for risk management start with a policy that sets expectations for project behavior.
3. Explain why risk management is a derived requirements on most software development projects.
Some requirements are not explicitly stated but are derived from goals and objectives. Derived requirements for risk management can originate from the market place, competitive bids, the use of new technology, or system complexity. Risk management is a derived requirement from the need to nail the cost, schedule, or technical system performance. Another reason that risk management is a derived requirement for all software projects is the volatility of the software industry. Software has never been more complex or costly than in today’s environment.
4. What would you do if your organizational standard terminology for risk management was different from your customer’s vocabulary?
A project SOW is likely to contain contractual requirements for risk management. The vocabulary that describes risk management in the SOW, however, is often different for the organizational standard terminology. Contractors as software producers and customers as software consumers often use different words to describe similar concepts. A lookup table can be generated and used to translate customer requirements. It is best to use consistent terminology and avoid overloading words wherever possible.
5. List three resources that you need to manage risk.
Once risk management requirements are understood, you can plan for risk management activities. Specify project requirements help to define the tasks to plan and implement risk management. The scope of the activities is based on the project attributes of size, budget, and complexity and is adjusted to fit project constraints. The project planning process can be used to plan the risk management activities on the project. A sample project planning process is shown as an IDEF0 diagram below. The process elements Budget, Schedule, Staff, and Plan are the major tasks that transform requirements into cost estimates, a project schedule, an organization chart, and project plans. The risk management plan is integral part of project plans.
6. How could you add risk assessment as a line item cost to baseline software risk?
Risk is a potential loss, and the only way to turn that around is risk management. Risk management is an investment in future payoff. We manage risk to gain a return on investment. The old adage, “It takes money to make money”, reminds us that life accumulates. For example, we expect each dollar that we invest to double on a certain amount of time. This payoff cannot ne exactly known because of future uncertainty, such as inflation. But we do know that if we never invest the money, we will never have the opportunity for future payoff.
Budgeting for risk management activities is the initial investment required for future payoff. Later, mitigation costs are incurred when there is reason to believe that risk leverage exists. You should add a line item for each risk management activity on the project master schedule. Be sure to cost the baseline risk assessment using the assessment method that your project budget will support. How much does risk management cost? The answer to this question is the sum total of the budgeted line items.
7. How could you add time for risk management to project meeting agendas?
Schedule risk management activities – developing the risk management plan, training the people, baseline the risk, and verifying risk management practices – on the project master schedule. You may want to allocate more time on the schedule for high-risk area to ensure a delivery date. If your budget is inflexible, schedule a lower level of effort over an extended period to provide the time needed to address a high-risk area. Consider schedule dependencies for high-risk areas, to schedule the correct order of activity. Activities that are not completely in your control, such as those with external interfaces, often take longer. You can specifically schedule technical interchange meetings to address risk and incorporate risk issues within project reviews and their meeting agendas.
8. How could you encourage participation from customer, senior management, and the project team for managing risk?
Ultimately, the project manager is responsible for software risk, but the majority of the responsibility to manage risk must be delegated. People inherit responsibility for risk management by their assigned role on the project. For example, oversight for risk management verification can be delegated to quality assurance specialists. One way to coordinate risk management activities is to create a special assignment to the role of risk manager. This role is often filled by a senior technical person but is not required to be a full-time position. Staff risk management activities by including the appropriate mix of people. Encourage participation from the customer, senior management, and the project team.
9. In what way is training for risk management specific to a project?
Assigning responsibility for managing risk without the ability to execute the tsk is setting up people for failure. Coordinate risk management training for project staff to develop their ability to manage risk. With training, they will be prepared to perform risk management activities. Training should be specific to the project procedures that are used to implement the risk management plan.
Just-enough is a recommended approach for training material that builds on current knowledge. With just enough training, the people will not feel overwhelmed by the amount of information or feel they must become an expert overnight. They should understand there is a developmental path and know where they are on the path.
Just-in-time is another important concept. Train the project team so they can apply concepts immediately. Lectures must be accompanied by exercises that provide practice in applying new methods. There should also be time for answering questions that arise when people practice new methods.
10. Do you agree that destiny is a matter of choice? Discuss why you do or do not agree.
I believe that destiny is integrated in choice. Each choice we make leads us down a certain path and that path can be described as destiny. The choice you make at the beginning sets you down a path of failure or success. Each subsequent choice you make shapes your path and thus your destiny. When you make bad decisions that cause the ultimate failure of the project it is a lesson on what not to do. When you are given the opportunity again, you are armed with the foreknowledge of the path you walked before and have a chance to become a success on the second try. But, that only happens if you understand why you failed in the first place. Otherwise you will be destined to fail again.
Part IV - Chapter 14
1. List three risks in establishing a risk management initiative. Assess the probability and consequence of each risk.
2. Compare and contrast contractual and organizational requirements for risk management.
3. Explain why risk management is a derived requirements on most software development projects.
4. What would you do if your organizational standard terminology for risk management was different from your customer’s vocabulary?
5. List three resources that you need to manage risk.
6. How could you add risk assessment as a line item cost to baseline software risk?
7. How could you add time for risk management to project meeting agendas?
8. How could you encourage participation from customer, senior management, and the project team for managing risk?
9. In what way is training for risk management specific to a project?
10. Do you agree that destiny is a matter of choice? Discuss why you do or do not agree.
Project Home Next Section